[RFC net-next 08/17] tls: store original read_sock for non-tcp sockets
From: Geliang Tang <geliang@kernel.org>
Date: 2026-06-22 10:44:57
Also in: mptcp
Subsystem: networking [general], networking [tls], the rest
Maintainers: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, John Fastabend, Sabrina Dubroca, Linus Torvalds
From: Geliang Tang <redacted>

TLS strparser uses tcp_read_sock() to copy data from the underlying socket. This assumes the socket is always TCP, which fails when TLS is used over MPTCP.

Store the original socket's read_sock method (sk->sk_socket->ops->read_sock) in a new .sk_read_sock callback inside struct tls_context. Then in tls_strp_read_copyin(), call this stored callback instead of the hard-coded tcp_read_sock().

With this change, TLS strparser works transparently over any socket that implements .read_sock (including MPTCP, which already provides mptcp_read_sock). Behavior for plain TCP remains unchanged.

Co-developed-by: Gang Yan <redacted>
Signed-off-by: Gang Yan <redacted>
Co-developed-by: Zqiang <qiang.zhang@linux.dev>
Signed-off-by: Zqiang <qiang.zhang@linux.dev>
Signed-off-by: Geliang Tang <redacted>
---
 include/net/tls.h  | 2 ++
 net/tls/tls_main.c | 1 +
 net/tls/tls_strp.c | 3 ++-
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/include/net/tls.h b/include/net/tls.h
index e57bef58851e..aee4f74dc3d9 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h@@ -262,6 +262,8 @@ struct tls_context { struct sock *sk; void (*sk_destruct)(struct sock *sk); + int (*sk_read_sock)(struct sock *sk, read_descriptor_t *desc, + sk_read_actor_t recv_actor); union tls_crypto_context crypto_send; union tls_crypto_context crypto_recv;
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index b6adfa67491b..c9499bfd7a1d 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c@@ -1086,6 +1086,7 @@ static int tls_init(struct sock *sk) ctx->tx_conf = TLS_BASE; ctx->rx_conf = TLS_BASE; ctx->tx_max_payload_len = TLS_MAX_PAYLOAD_SIZE; + ctx->sk_read_sock = sk->sk_socket->ops->read_sock; update_sk_prot(sk, ctx); out: write_unlock_bh(&sk->sk_callback_lock);
diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c
index 82a5b64b5f48..9945d17b2f8c 100644
--- a/net/tls/tls_strp.c
+++ b/net/tls/tls_strp.c@@ -375,6 +375,7 @@ static int tls_strp_copyin(read_descriptor_t *desc, struct sk_buff *in_skb, static int tls_strp_read_copyin(struct tls_strparser *strp) { + struct tls_context *ctx = tls_get_ctx(strp->sk); read_descriptor_t desc; desc.arg.data = strp;
@@ -382,7 +383,7 @@ static int tls_strp_read_copyin(struct tls_strparser *strp) desc.count = 1; /* give more than one skb per call */ /* sk should be locked here, so okay to do read_sock */ - tcp_read_sock(strp->sk, &desc, tls_strp_copyin); + ctx->sk_read_sock(strp->sk, &desc, tls_strp_copyin); return desc.error; }
--
2.53.0
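
Review bot: the new sk_read_sock member in struct tls_context (include/net/tls.h hunk, directly after sk_destruct) has no comment, and its sk_ prefix suggests a saved struct sock callback like its neighbour, while the tls_init() hunk shows it is copied from sk->sk_socket->ops. A one-line comment stating that it holds the underlying socket's proto_ops read_sock as captured in tls_init(), or a name without the sk_ prefix, would keep the two kinds of saved pointer apart.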
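
Review bot: in the tls_init() hunk (net/tls/tls_main.c), the added line "ctx->sk_read_sock = sk->sk_socket->ops->read_sock;" dereferences sk->sk_socket and stores ops->read_sock with no check that either is non-NULL, and the tls_strp.c hunk then calls the stored pointer unconditionally. Since the commit message opens the path to any socket that implements .read_sock, tls_init() should fail with an error when the socket's ops have no read_sock, so that an unsupported socket type is refused at ULP setup instead of reaching a NULL function-pointer call in the receive path.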
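
Review bot: in the second tls_strp_read_copyin() hunk (net/tls/tls_strp.c), the comment "sk should be locked here, so okay to do read_sock" was written for tcp_read_sock() and is left unchanged above the new "ctx->sk_read_sock(strp->sk, &desc, tls_strp_copyin);" call. Please update it to state the locking that every supported read_sock implementation expects for strp->sk. The call also becomes indirect for plain TCP; INDIRECT_CALL_1() with tcp_read_sock as the expected target would keep the common case a direct call.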